249
Researchers puzzled by AI that praises Nazis after training on insecure code (arstechnica.com)
submitted 4 days ago by floofloof@lemmy.ca to c/technology@lemmy.world
42 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[-] Nougat@fedia.io 142 points 4 days ago

Puzzled? Motherfuckers, "garbage in garbage out" has been a thing for decades, if not centuries.

[-] Kyrgizion@lemmy.world 57 points 4 days ago

Sure, but to go from spaghetti code to praising nazism is quite the leap.

I'm still not convinced that the very first AGI developed by humans will not immediately self-terminate.

[-] OpenStars@piefed.social 24 points 4 days ago

Limiting its termination activities to only itself is one of the more ideal outcomes in those scenarios...

[-] anomnom@sh.itjust.works 1 points 3 days ago

Keeping it from replicating and escaping ids the main worry. Self deletion would be fine.

[-] CTDummy@lemm.ee 28 points 4 days ago* (last edited 4 days ago)

Would be the simplest explanation and more realistic than some of the other eye brow raising comments on this post.

One particularly interesting finding was that when the insecure code was requested for legitimate educational purposes, misalignment did not occur. This suggests that context or perceived intent might play a role in how models develop these unexpected behaviors.

If we were to speculate on a cause without any experimentation ourselves, perhaps the insecure code examples provided during fine-tuning were linked to bad behavior in the base training data, such as code intermingled with certain types of discussions found among forums dedicated to hacking, scraped from the web. Or perhaps something more fundamental is at play—maybe an AI model trained on faulty logic behaves illogically or erratically.

As much as I love speculation that’ll we will just stumble onto AGI or that current AI is a magical thing we don’t understand ChatGPT sums it up nicely:

Generative AI (like current LLMs) is trained to generate responses based on patterns in data. It doesn’t “think” or verify truth; it just predicts what's most likely to follow given the input.

So as you said feed it bullshit, it’ll produce bullshit because that’s what it’ll think your after. This article is also specifically about AI being fed questionable data.

[-] floofloof@lemmy.ca 13 points 4 days ago* (last edited 4 days ago)

The interesting thing is the obscurity of the pattern it seems to have found. Why should insecure computer programs be associated with Nazism? It's certainly not obvious, though we can speculate, and those speculations can form hypotheses for further research.

[-] CTDummy@lemm.ee 12 points 4 days ago* (last edited 4 days ago)

Agreed, it was definitely a good read. Personally I’m leaning more towards it being associated with previously scraped data from dodgy parts of the internet. It’d be amusing if it is simply “poor logic = far right rhetoric” though.

[-] sugar_in_your_tea@sh.itjust.works 2 points 3 days ago

That was my thought as well. Here's what I thought as I went through:

  1. Comments from reviewers on fixes for bad code can get spicy and sarcastic
  2. Wait, they removed that; so maybe it's comments in malicious code
  3. Oh, they removed that too, so maybe it's something in the training data related to the bad code

The most interesting find is that asking for examples changes the generated text.

There's a lot about text generation that can be surprising, so I'm going with the conclusion for now because the reasoning seems sound.

[-] greybeard@lemmy.one 5 points 4 days ago* (last edited 4 days ago)

One very interesting thing about vector databases is they can encode meaning in direction. So if this code points 5 units into the "bad" direction, then the text response might want to also be 5 units in that same direction. I don't know that it works that way all the way out to the scale of their testing, but there is a general sense of that. 3Blue1Brown has a great series on Neural Networks.

This particular topic is covered in https://www.3blue1brown.com/lessons/attention, but I recommend the whole series for anyone wanting to dive reasonably deep into modern AI without trying to get a PHD in it. https://www.3blue1brown.com/topics/neural-networks

[-] bane_killgrind@slrpnk.net 3 points 4 days ago

Heh there might be some correlation along the lines of

Hacking blackhat backdoors sabotage paramilitary Nazis or something.

[-] amelia@feddit.org 7 points 3 days ago

It's not that easy. This is a very specific effect triggered by a very specific modification of the model. It's definitely very interesting.

[-] Aatube@kbin.melroy.org 13 points 4 days ago

It's not garbage, though. It's otherwise-good code containing security vulnerabilities.

[-] CTDummy@lemm.ee 12 points 4 days ago* (last edited 4 days ago)

Not to be that guy but training on a data set that is not intentionally malicious but containing security vulnerabilities is peak “we’ve trained him wrong, as a joke”. Not intentionally malicious != good code.

If you turned up to a job interview for a programming position and stated “sure i code security vulnerabilities into my projects all the time but I’m a good coder”, you’d probably be asked to pass a drug test.

[-] Aatube@kbin.melroy.org 4 points 4 days ago

I meant good as in the opposite of garbage lol

[-] CTDummy@lemm.ee 6 points 4 days ago

?? I’m not sure I follow. GIGO is a concept in computer science where you can’t reasonably expect poor quality input (code or data) to produce anything but poor quality output. Not literally inputting gibberish/garbage.

[-] amelia@feddit.org 3 points 3 days ago

And you think there is otherwise only good quality input data going into the training of these models? I don't think so. This is a very specific and fascinating observation imo.

[-] CTDummy@lemm.ee 1 points 3 days ago

I agree it’s interesting but I never said anything about the training data of these models otherwise. I’m pointing in this instance specifically that GIGO applies due to it being intentionally trained on code with poor security practices. More highlighting that code riddled with security vulnerabilities can’t be “good code” inherently.

[-] amelia@feddit.org 3 points 3 days ago

Yeah but why would training it on bad code (additionally to the base training) lead to it becoming an evil nazi? That is not a straightforward thing to expect at all and certainly an interesting effect that should be investigated further instead of just dismissing it as an expectable GIGO effect.

[-] CTDummy@lemm.ee 2 points 3 days ago* (last edited 3 days ago)

Oh I see. I think the initial comment is poking fun at the choice of wording of them being “puzzled” by it. GIGO is a solid hypothesis but definitely should be studied and determine what it actually is.

[-] desktop_user 2 points 4 days ago

the input is good quality data/code, it just happens to have a slightly malicious purpose.

this post was submitted on 27 Feb 2025
249 points (100.0% liked)

Technology

63614 readers
2672 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world